Springboot+shiro 踢出SessionId

运用场景 : 管理员踢出在线用户，让其页面失效。重登便可激活

思路：

1.利用sessionId ，若是踢出 将其标记为 0，重定向到 踢出页面

2.在登陆的时候，将sessionId 标记为1，表示 已激活 能够正常使用

3.将 sessionId 和值，存入redis hash表里面，每次比较 从redis 中取出

4.利用  HandlerInterceptorAdapter 拦截器，注：该拦截器 内 可以使用@Autowired注入， 比较方便

 

// 继承 HandlerInterceptorAdapter

package com.example.springboot.shiro.core.shiro.filter;


import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import redis.clients.jedis.Jedis;
import redis.clients.jedis.JedisPool;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


public class SessionControlInterceptor extends HandlerInterceptorAdapter {
    @Autowired
    private JedisPool jedisPool;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        //若是没有登陆,直接返回true
        if (!subject.isAuthenticated()) {
            return true;
        }
        Jedis jedis = null;
        String sessionidVal = null;
        try {
            String sessionId = request.getSession().getId();
            jedis = jedisPool.getResource();
            sessionidVal = jedis.hget("sessionIdMap", sessionId);
            System.err.println("在redis中 取出 sessionIdMap 表 中的值 ");
            if (sessionidVal.equals("0")) {

                WebUtils.issueRedirect(request, response, "kickout");
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (jedis != null) {
                jedis.close();
            }
        }
        return Boolean.TRUE;
    }

}

//配置 HandlerInterceptorAdapter

package com.example.springboot.shiro.core.shiro.config;

import com.example.springboot.shiro.core.shiro.filter.SessionControlInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * SessionId 踢出 | HandlerInterceptorAdapter  配置
 */
@Configuration

public class WebSecurityConfig extends WebMvcConfigurerAdapter {
    @Bean
    public SessionControlInterceptor getSessionControlInterceptorFilter(){
        return  new SessionControlInterceptor();
    }
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        InterceptorRegistration addInterceptor = registry.addInterceptor(getSessionControlInterceptorFilter());

        // 排除配置
        addInterceptor.excludePathPatterns("/unauthorized");
        addInterceptor.excludePathPatterns("/login**");

        // 拦截配置
        addInterceptor.addPathPatterns("/index");
        addInterceptor.addPathPatterns("/list");
        addInterceptor.addPathPatterns("/online");
        addInterceptor.addPathPatterns("/role");
        addInterceptor.addPathPatterns("/Roleassignment");
        addInterceptor.addPathPatterns("/permissionlist");
        addInterceptor.addPathPatterns("/PermissionAssignment");

    }
}

 //在登陆方法前设置 sessionId 值为1

//认证经过后 把登陆的用户状态 标记 为 1 激活
            redisUtils.setSessionIdMapHash(sessionId);


// 激活方法

  public void setSessionIdMapHash(String sessionId) {
        Jedis jedis = null;
        try {

            jedis = jedisPool.getResource();
            jedis.hset("sessionIdMap", sessionId, "1");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (jedis != null) {
                jedis.close();
            }
        }

    }